5314 matches found

ATTACKERKB
added 2023/12/04 11:15 p.m. · 2 views

CVE-2023-24047

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...

9.8 CVSS · 5.9 AI score · 0.00726 EPSS
Exploits 1 · References 2
NVD
added 2023/12/04 11:15 p.m. · 18 views

CVE-2023-24047

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...

8 CVSS · 0.00374 EPSS
Exploits 1 · References 1
Prion
added 2023/12/04 11:15 p.m. · 16 views

Design/Logic Flaw

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...

4.7 CVSS · 7.4 AI score · 0.00726 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/12/04 12:0 a.m. · 13 views

CVE-2023-24047

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...

7 AI score · 0.00726 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/12/04 12:0 a.m. · 6 views

CVE-2023-24047

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm...

7.1 AI score · 0.00726 EPSS
Exploits 1 · References 1
CVE
added 2023/12/04 12:0 a.m. · 53 views

CVE-2023-24047

Technical details for CVE-2023-24047 are not publicly available in the provided documents. Monitor for updates.

8 CVSS · 6.7 AI score · 0.00726 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/12/03 12:0 a.m. · 4 views

PT-2023-8747 · Jose4J · Jose4J

Name of the Vulnerable Software and Affected Versions: jose4j versions prior to 0.9.4 Description: The issue is related to the improper implementation of the PBES2 algorithm in the jose4j component when handling the p2c parameter. This can allow a remote attacker to cause a denial of service due ...

7.8 CVSS · 6.7 AI score · 0.00879 EPSS
Exploits 1 · References 58
OSV
added 2023/12/01 11:6 a.m. · 5 views

OESA-2023-1859 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An out-of-bounds read vulnerability was found in Netfilter Connection Tracking conntrack in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. (CVE-2023-39197) A null pointer...

7.5 CVSS · 6 AI score · 0.00976 EPSS
Exploits 0 · References 3
OSV
added 2023/11/28 12:15 p.m. · 2 views

ALPINE-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9 CVSS · 8.4 AI score · 0.01257 EPSS
Exploits 0 · References 1
Veracode
added 2023/11/21 7:14 a.m. · 48 views

JSON Web Token (JWT) Algorithm Confusion

fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...

5.9 CVSS · 7 AI score · 0.00687 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/11/20 8:58 p.m. · 41 views

GHSA-C2FF-88X2-X9PG JWT Algorithm Confusion

Summary: The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details: The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...

5.9 CVSS · 5.6 AI score · 0.00687 EPSS
Exploits 1 · References 6
Github Security Blog
added 2023/11/20 8:58 p.m. · 44 views

JWT Algorithm Confusion

Summary: The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details: The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...

5.9 CVSS · 6.8 AI score · 0.00687 EPSS
Exploits 1 · References 6 · Affected Software 1
NVD
added 2023/11/20 6:15 p.m. · 19 views

CVE-2023-48223

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...

5.9 CVSS · 0.00687 EPSS
Exploits 1 · References 3
Prion
added 2023/11/20 6:15 p.m. · 16 views

Type confusion

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...

2.6 CVSS · 7 AI score · 0.00687 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/11/20 5:39 p.m. · 20 views

CVE-2023-48223 fast-jwt JWT Algorithm Confusion

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...

5.9 CVSS · 5.9 AI score · 0.00687 EPSS
Exploits 1 · References 3
CVE
added 2023/11/20 5:39 p.m. · 55 views

CVE-2023-48223

fast-jwt prior to v3.3.2 contains a publicKeyPemMatcher bug that fails to cover all PEM formats for public keys, enabling an algorithm-confusion attack (HS256 signed with an RSA public key) when RS256 is used and the verifier does not explicitly specify an algorithm. A patch in v3.3.2 fixes this ...

5.9 CVSS · 5.6 AI score · 0.00687 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/11/20 5:39 p.m. · 22 views

CVE-2023-48223 fast-jwt JWT Algorithm Confusion

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...

5.9 CVSS · 6 AI score · 0.00687 EPSS
Exploits 1 · References 5
Veracode
added 2023/11/20 10:39 a.m. · 63 views

Json Web Token (JWT) Bypass

json-web-token is vulnerable to Json Web Token (JWT) Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm listed in the token without further verification. An attacker can forge a token using the HS256...

7.5 CVSS · 7.2 AI score · 0.00307 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/11/20 12:0 a.m. · 4 views

PT-2023-30740

Name of the Vulnerable Software and Affected Versions: fast-jwt versions prior to 3.3.2 Description: The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats...

5.9 CVSS · 6.3 AI score · 0.00687 EPSS
Exploits 1 · References 10
OSV
added 2023/11/17 10:48 p.m. · 85 views

GHSA-4XW9-CX39-R355 json-web-token library is vulnerable to a JWT algorithm confusion attack

Summary: The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details: On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...

7.5 CVSS · 7.2 AI score · 0.00307 EPSS
Exploits 1 · References 5